1 /* 2 * Copyright (c) 2000-2021 Apple Computer, Inc. All rights reserved. 3 * 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. The rights granted to you under the License 10 * may not be used to create, or enable the creation or redistribution of, 11 * unlawful or unlicensed copies of an Apple operating system, or to 12 * circumvent, violate, or enable the circumvention or violation of, any 13 * terms of an Apple operating system software license agreement. 14 * 15 * Please obtain a copy of the License at 16 * http://www.opensource.apple.com/apsl/ and read it before using this file. 17 * 18 * The Original Code and all software distributed under the License are 19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 23 * Please see the License for the specific language governing rights and 24 * limitations under the License. 25 * 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 27 */ 28 /* 29 * @OSF_COPYRIGHT@ 30 */ 31 /* 32 * Mach Operating System 33 * Copyright (c) 1991,1990,1989,1988,1987 Carnegie Mellon University 34 * All Rights Reserved. 35 * 36 * Permission to use, copy, modify and distribute this software and its 37 * documentation is hereby granted, provided that both the copyright 38 * notice and this permission notice appear in all copies of the 39 * software, derivative works or modified versions, and any portions 40 * thereof, and that both notices appear in supporting documentation. 41 * 42 * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" 43 * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR 44 * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE. 45 * 46 * Carnegie Mellon requests users of this software to return to 47 * 48 * Software Distribution Coordinator or [email protected] 49 * School of Computer Science 50 * Carnegie Mellon University 51 * Pittsburgh PA 15213-3890 52 * 53 * any improvements or extensions that they make and grant Carnegie Mellon 54 * the rights to redistribute these changes. 55 */ 56 /* 57 */ 58 /* 59 * File: mach/vm_prot.h 60 * Author: Avadis Tevanian, Jr., Michael Wayne Young 61 * 62 * Virtual memory protection definitions. 63 * 64 */ 65 66 #ifndef _MACH_VM_PROT_H_ 67 #define _MACH_VM_PROT_H_ 68 69 /* 70 * Types defined: 71 * 72 * vm_prot_t VM protection values. 73 */ 74 75 typedef int vm_prot_t; 76 77 /* 78 * Protection values, defined as bits within the vm_prot_t type 79 * 80 * When making a new VM_PROT_*, update tests vm_parameter_validation_[user|kern] 81 * and their expected results; they deliberately call VM functions with invalid 82 * vm_prot values and you may be turning one of those invalid protections valid. 83 */ 84 85 #define VM_PROT_NONE ((vm_prot_t) 0x00) 86 87 #define VM_PROT_READ ((vm_prot_t) 0x01) /* read permission */ 88 #define VM_PROT_WRITE ((vm_prot_t) 0x02) /* write permission */ 89 #define VM_PROT_EXECUTE ((vm_prot_t) 0x04) /* execute permission */ 90 91 /* 92 * The default protection for newly-created virtual memory 93 */ 94 95 #define VM_PROT_DEFAULT (VM_PROT_READ|VM_PROT_WRITE) 96 97 /* 98 * The maximum privileges possible, for parameter checking. 99 */ 100 101 #define VM_PROT_ALL (VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE) 102 103 /* 104 * An invalid protection value. 105 * Used only by memory_object_lock_request to indicate no change 106 * to page locks. Using -1 here is a bad idea because it 107 * looks like VM_PROT_ALL and then some. 108 */ 109 110 #define VM_PROT_NO_CHANGE_LEGACY ((vm_prot_t) 0x08) 111 #define VM_PROT_NO_CHANGE ((vm_prot_t) 0x01000000) 112 113 /* 114 * When a caller finds that he cannot obtain write permission on a 115 * mapped entry, the following flag can be used. The entry will 116 * be made "needs copy" effectively copying the object (using COW), 117 * and write permission will be added to the maximum protections 118 * for the associated entry. 119 */ 120 121 #define VM_PROT_COPY ((vm_prot_t) 0x10) 122 123 124 /* 125 * Another invalid protection value. 126 * Used only by memory_object_data_request upon an object 127 * which has specified a copy_call copy strategy. It is used 128 * when the kernel wants a page belonging to a copy of the 129 * object, and is only asking the object as a result of 130 * following a shadow chain. This solves the race between pages 131 * being pushed up by the memory manager and the kernel 132 * walking down the shadow chain. 133 */ 134 135 #define VM_PROT_WANTS_COPY ((vm_prot_t) 0x10) 136 137 #ifdef PRIVATE 138 /* 139 * The caller wants this memory region treated as if it had a valid 140 * code signature. 141 */ 142 143 #define VM_PROT_TRUSTED ((vm_prot_t) 0x20) 144 #endif /* PRIVATE */ 145 146 /* 147 * Another invalid protection value. 148 * Indicates that the other protection bits are to be applied as a mask 149 * against the actual protection bits of the map entry. 150 */ 151 #define VM_PROT_IS_MASK ((vm_prot_t) 0x40) 152 153 /* 154 * Another invalid protection value to support execute-only protection. 155 * VM_PROT_STRIP_READ is a special marker that tells mprotect to not 156 * set VM_PROT_READ. We have to do it this way because existing code 157 * expects the system to set VM_PROT_READ if VM_PROT_EXECUTE is set. 158 * VM_PROT_EXECUTE_ONLY is just a convenience value to indicate that 159 * the memory should be executable and explicitly not readable. It will 160 * be ignored on platforms that do not support this type of protection. 161 */ 162 #define VM_PROT_STRIP_READ ((vm_prot_t) 0x80) 163 #define VM_PROT_EXECUTE_ONLY (VM_PROT_EXECUTE|VM_PROT_STRIP_READ) 164 165 #ifdef PRIVATE 166 /* 167 * When using VM_PROT_COPY, fail instead of copying an executable mapping, 168 * since that could cause code-signing violations. 169 */ 170 #define VM_PROT_COPY_FAIL_IF_EXECUTABLE ((vm_prot_t)0x100) 171 #endif /* PRIVATE */ 172 173 /* 174 * Another invalid protection value to support pager TPRO protection. 175 * VM_PROT_TPRO is a special marker that tells the a pager to 176 * set TPRO flags on a given entry. We do it this way to prevent 177 * bloating the pager structures and it allows dyld to pass through 178 * this flag in lieue of specifying explicit VM flags, allowing us to handle 179 * the final permissions internally. 180 */ 181 #define VM_PROT_TPRO ((vm_prot_t) 0x200) 182 183 #if defined(__x86_64__) 184 /* 185 * Another invalid protection value to support specifying different 186 * execute permissions for user- and supervisor- modes. When 187 * MBE is enabled in a VM, VM_PROT_EXECUTE is used to indicate 188 * supervisor-mode execute permission, and VM_PROT_UEXEC specifies 189 * user-mode execute permission. Currently only used by the 190 * x86 Hypervisor kext. 191 */ 192 #define VM_PROT_UEXEC ((vm_prot_t) 0x8) /* User-mode Execute Permission */ 193 194 #define VM_PROT_ALLEXEC (VM_PROT_EXECUTE | VM_PROT_UEXEC) 195 #else 196 #define VM_PROT_ALLEXEC (VM_PROT_EXECUTE) 197 #endif /* defined(__x86_64__) */ 198 199 200 #endif /* _MACH_VM_PROT_H_ */ 201